ansible.builtin.aws_secret (v2.9.17) — lookup

Look up secrets stored in AWS Secrets Manager.

Added in version 2.8 of ansible.builtin

Authors: Aaron Smith <ajsmith10381@gmail.com>

Install Ansible via pip

Install with `pip install ansible==2.9.17`.

Description

Look up secrets stored in AWS Secrets Manager provided the caller has the appropriate permissions to read the secret.

Lookup is based on the secret's `Name` value.

Optional parameters can be passed into this lookup: `version_id` and `version_stage`.


Requirements

Usage examples

- name: Create RDS instance with aws_secret lookup for password param
  rds:
    command: create
    instance_name: app-db
    db_engine: MySQL
    size: 10
    instance_type: db.m1.small
    username: dbadmin
    password: "{{ lookup('aws_secret', 'DbSecret') }}"
    tags:
      Environment: staging
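
The optional parameters in use, as an added example that is not part of the original plugin documentation: `version_stage` selects a staging label, `join` concatenates two entries into one value, and `no_log` keeps the retrieved values out of task output. The secret names, the region and the destination path are constructed placeholders.

```yaml
# Added example, not from the plugin documentation.
# Secret names, region and file path below are constructed placeholders.
- name: Read secrets with aws_secret without exposing them in task output
  hosts: localhost
  gather_facts: false
  vars:
    # Default behaviour: the secret is matched by its Name.
    db_password: "{{ lookup('aws_secret', 'DbSecret', region='eu-west-1') }}"
    # Select a specific staging label, for example the value from before a rotation.
    db_password_previous: "{{ lookup('aws_secret', 'DbSecret', version_stage='AWSPREVIOUS', region='eu-west-1') }}"
    # Two entries concatenated, in the order given, into one extended secret.
    tls_private_key: "{{ lookup('aws_secret', 'TlsKeyPart1', 'TlsKeyPart2', join=true, region='eu-west-1') }}"
  tasks:
    - name: Write the joined key to disk with restrictive permissions
      copy:
        content: "{{ tls_private_key }}"
        dest: /etc/app/tls.key
        mode: "0600"
      no_log: true   # keep the secret out of stdout, log files and callback output

    - name: Confirm both lookups returned a value without printing either one
      assert:
        that:
          - db_password | length > 0
          - db_password_previous | length > 0
        quiet: true
      no_log: true
```

Lookups are evaluated on the control node, so the AWS credentials and the permission to read the secret are needed there rather than on the managed host.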

Inputs

    
join:
    default: false
    description:
    - Join two or more entries to form an extended secret.
    - This is useful for overcoming the 4096 character limit imposed by AWS.
    type: boolean

_terms:
    description: Name of the secret to look up in AWS Secrets Manager.
    required: true

region:
    description: The region for which to create the connection.
    env:
    - name: EC2_REGION
    - name: AWS_REGION
    type: str

version_id:
    description: Version of the secret(s).
    required: false

aws_profile:
    aliases:
    - boto_profile
    description: The AWS profile
    env:
    - name: AWS_DEFAULT_PROFILE
    - name: AWS_PROFILE
    type: str

version_stage:
    description: Stage of the secret version.
    required: false

aws_access_key:
    aliases:
    - aws_access_key_id
    description: The AWS access key to use.
    env:
    - name: EC2_ACCESS_KEY
    - name: AWS_ACCESS_KEY
    - name: AWS_ACCESS_KEY_ID
    type: str

aws_secret_key:
    aliases:
    - aws_secret_access_key
    description: The AWS secret key that corresponds to the access key.
    env:
    - name: EC2_SECRET_KEY
    - name: AWS_SECRET_KEY
    - name: AWS_SECRET_ACCESS_KEY
    type: str

aws_security_token:
    description: The AWS security token if using temporary access and secret keys.
    env:
    - name: EC2_SECURITY_TOKEN
    - name: AWS_SESSION_TOKEN
    - name: AWS_SECURITY_TOKEN
    type: str

Outputs

_raw:
  description: Returns the value of the secret stored in AWS Secrets Manager.